Tie together jdeps and dependencycheck and dependabot
binkley opened this issue · comments
See related #468.
From an issue I filed with JDeps:
kordamp/jdeps-gradle-plugin#31
We should pull together the spread out documentation on dependencies, and give them their own page. This is a key concern in building modern software and CI pipelines.
Discuss in the "Dependency management" page.
Context
I'm reproducing some text from the JDeps issue to make easier reading for us:
What I'd like is:
- A report on my dependencies. JDeps does the job
- My build to fail when dependencies our outdated and have security issues. DependencyCheck does this
- My CI pipeline to offer solutions to update outdated dependencies. Dependabot does this